oss-sec mailing list archives

Re: CVE Request: php5 pdo array overread/crash


From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 02 Aug 2012 13:47:54 -0600

On 08/02/2012 05:37 AM, Marcus Meissner wrote:
> Hi,
>
> I think this issue does not have a CVE id yet as far as I can see:
>
> Prepared statements in PHP5 pdo can be used to cause an array
> overread and crash of the php5 interpreter instance.
>
> References:
> Report on Bugtraq: http://seclists.org/bugtraq/2012/Jun/60
> Upstream PHP bug (including testcase) available at: https://bugs.php.net/bug.php?id=61755
> https://bugzilla.novell.com/show_bug.cgi?id=769785
>
> Ciao, Marcus

Please use CVE-2012-3450 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
